Remove caddy simulation

cheddar 2025-02-20 23:12:04 -05:00
parent 8d6102c58f
commit d0958d2366
No known key found for this signature in database
3 changed files with 12 additions and 25 deletions


@ -19,7 +19,7 @@ import (
"github.com/opencontainers/go-digest" "github.com/opencontainers/go-digest"
) )
func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte, simulateCaddy bool) (*http.Response, error) { func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte) (*http.Response, error) {
client, err := getSigningClient(key, keyId) client, err := getSigningClient(key, keyId)
if err != nil { if err != nil {
@ -41,11 +41,6 @@ func Post(baseUrl *url.URL, key crypto.PrivateKey, keyId string, data []byte, si
req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded()) req.Header.Add("Content-Digest", string(id.Algorithm())+"="+id.Encoded())
req.Header.Add("Content-Type", "application/json") req.Header.Add("Content-Type", "application/json")
if simulateCaddy {
req.Header.Add("X-Forwarded-Method", req.Method)
req.Header.Add("X-Forwarded-Uri", req.RequestURI)
}
resp, err := client.Do(req) resp, err := client.Do(req)
return resp, err return resp, err

13
main.go

@ -23,7 +23,6 @@ func main() {
user := flag.String("user", "", "Username to register") user := flag.String("user", "", "Username to register")
keyPath := flag.String("key", "", "Path to the private key (client mode) or public key (registration mode) to use") keyPath := flag.String("key", "", "Path to the private key (client mode) or public key (registration mode) to use")
baseUrlString := flag.String("base-url", "http://localhost:8080", "Base URL of the server") baseUrlString := flag.String("base-url", "http://localhost:8080", "Base URL of the server")
simulateCaddy := flag.Bool("caddy", false, "Simulate caddy reverse proxy")
useTempDb := flag.Bool("temp-db", false, "Use a temporary in-memory database") useTempDb := flag.Bool("temp-db", false, "Use a temporary in-memory database")
dbPath := flag.String("db", "", "Path to the sqlite database file") dbPath := flag.String("db", "", "Path to the sqlite database file")
@ -42,7 +41,7 @@ func main() {
return return
} }
runClient(baseUrl, *keyPath, *keyId, *simulateCaddy) runClient(baseUrl, *keyPath, *keyId)
} else if *register { } else if *register {
if *keyPath == "" || *user == "" { if *keyPath == "" || *user == "" {
flag.PrintDefaults() flag.PrintDefaults()
@ -56,11 +55,11 @@ func main() {
return return
} }
runServer(*simulateCaddy, *useTempDb, *dbPath) runServer(*useTempDb, *dbPath)
} }
} }
func runClient(baseUrl *url.URL, keyFile string, keyId string, simulateCaddy bool) { func runClient(baseUrl *url.URL, keyFile string, keyId string) {
testData := map[string]string{"hello": "world"} testData := map[string]string{"hello": "world"}
json_data, _ := json.Marshal(testData) json_data, _ := json.Marshal(testData)
@ -70,7 +69,7 @@ func runClient(baseUrl *url.URL, keyFile string, keyId string, simulateCaddy boo
log.Fatal(err) log.Fatal(err)
} }
resp, err := client.Post(baseUrl, key, keyId, json_data, simulateCaddy) resp, err := client.Post(baseUrl, key, keyId, json_data)
if err != nil { if err != nil {
log.Fatal(err) log.Fatal(err)
@ -117,7 +116,7 @@ func registerKey(baseUrl *url.URL, keyFile string, userId string) {
fmt.Printf("Registered key id: %s\n", keyId) fmt.Printf("Registered key id: %s\n", keyId)
} }
func runServer(simulateCaddy bool, useTempDb bool, dbPath string) { func runServer(useTempDb bool, dbPath string) {
var keyDir keydirectory.RegistrationDirectory var keyDir keydirectory.RegistrationDirectory
if useTempDb { if useTempDb {
@ -131,5 +130,5 @@ func runServer(simulateCaddy bool, useTempDb bool, dbPath string) {
} }
} }
server.Start(simulateCaddy, keyDir) server.Start(keyDir)
} }


@ -13,7 +13,7 @@ import (
"golang.org/x/crypto/ssh" "golang.org/x/crypto/ssh"
) )
func Start(isCaddyAuth bool, keyDir keydirectory.RegistrationDirectory) error { func Start(keyDir keydirectory.RegistrationDirectory) error {
mux := http.NewServeMux() mux := http.NewServeMux()
verifier := httpsig.Middleware(httpsig.MiddlewareOpts{ verifier := httpsig.Middleware(httpsig.MiddlewareOpts{
@ -32,15 +32,11 @@ func Start(isCaddyAuth bool, keyDir keydirectory.RegistrationDirectory) error {
}, },
}) })
verifyHandler := verifier(getDefaultHandler(isCaddyAuth)) verifyHandler := verifier(getDefaultHandler())
var handler http.Handler var handler http.Handler
if isCaddyAuth { handler = rewriteHeaders(verifyHandler)
handler = rewriteHeaders(verifyHandler)
} else {
handler = verifyHandler
}
mux.Handle("/auth", handler) mux.Handle("/auth", handler)
mux.Handle("/register", getRegistrationHandler(keyDir)) mux.Handle("/register", getRegistrationHandler(keyDir))
@ -50,14 +46,11 @@ func Start(isCaddyAuth bool, keyDir keydirectory.RegistrationDirectory) error {
return err return err
} }
func getDefaultHandler(isCaddyAuth bool) http.Handler { func getDefaultHandler() http.Handler {
handler := func(w http.ResponseWriter, r *http.Request) { handler := func(w http.ResponseWriter, r *http.Request) {
attr := httpsig.AttributesFromContext(r.Context()).(string) attr := httpsig.AttributesFromContext(r.Context()).(string)
if isCaddyAuth { w.Header().Add("Remote-User", attr)
w.Header().Add("Remote-User", attr)
}
msg := fmt.Sprintf("hello, %s!", attr) msg := fmt.Sprintf("hello, %s!", attr)
w.Write([]byte(msg)) w.Write([]byte(msg))
} }
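Review bot: With the `isCaddyAuth` switch removed, `Start` always wraps the verifier in `rewriteHeaders` and `getDefaultHandler` always emits `Remote-User`, yet nothing in the new code states the deployment assumption this creates. `rewriteHeaders` is not visible on this page, but the removed client simulation suggests it takes the method and URI from `X-Forwarded-Method` / `X-Forwarded-Uri`; if so, those values come from whoever connects, and the signature check is only meaningful when the listener is reachable solely from the reverse proxy. I would record that on `Start`, for example `// Start serves /auth as a forward-auth endpoint: it trusts X-Forwarded-Method and X-Forwarded-Uri, so it must only be reachable from the reverse proxy.` As a style point, the leftover `var handler http.Handler` followed by a single assignment can become `handler := rewriteHeaders(verifyHandler)`. The body of `getDefaultHandler` appears to continue past the last visible line.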